Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-22286

[QA](7.4.z) JBJCA-1427 - not possible to bypass GSSCredentials using Datasource.getConnection(username,password)

    XMLWordPrintable

Details

    • False
    • False
    • Regression
    • +
    • Undefined
    • Workaround Exists
    • Hide

      System property

      ironjacamar.jdbc.kerberos.copygsscredentials=true
      Show
      System property ironjacamar.jdbc.kerberos.copygsscredentials= true
    • Hide

      configuration from JBEAP-21373 can be used for debugging

      Show
      configuration from JBEAP-21373 can be used for debugging

    Description

      Tested with EAP from 7.4.x branch, commit 59e4f3297c1de493e4ff14492dbf0b73bde86cb3

      After JBEAP-21373 it is not possible to overload authentication defined in server configuration with DataSource.getConnection(username, password)

      <datasource jndi-name="java:jboss/datasources/TestDatasource" pool-name="TestDatasource" spy="true" statistics-enabled="true">
    <connection-url>URL</connection-url>
    <connection-property name="oracle.net.authentication_services">
        (KERBEROS5)
    </connection-property>
    <driver>jdbc_driver</driver>
    <pool>
        <min-pool-size>0</min-pool-size>
        <max-pool-size>1</max-pool-size>
        <prefill>false</prefill>
        <allow-multiple-users>true</allow-multiple-users>
    </pool>
    <security>
        <security-domain>DatabaseUser</security-domain>
    </security>
</datasource>

      And in the application then:

      @Resource(lookup = Constants.DATASOURCE_JNDI_NAME)
private DataSource ds;

....

ds.getConnection(username, password)

      username and password from getConnection method call should be used but kerberos authentication is used instead

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBJCA-1427 user and password should be copied to the properties if they are specified

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is caused by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-21373 (7.4.z) JBJCA-1426 - OAUTH marshaling failure when connecting to Oracle database using Kerberos authentication

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-22300 [QE](7.3.z) JBJCA-1427 - not possible to bypass GSSCredentials using Datasource.getConnection(username,password)

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-22213 [GSS](7.4.z) Upgrade Ironjacamar from 1.4.35.Final-redhat-00001 to 1.5.2.Final-redhat-00001

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-engineering-lgao Lin Gao
              msimka@redhat.com Martin Simka
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: